<?php
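session_start();

// Value the submitted captcha code is compared against: the first four
// characters of $_SESSION['key']. An absent key becomes '' so the check below
// cannot pass before a key has been stored in the session.
$key = isset($_SESSION['key']) ? (string) substr((string) $_SESSION['key'], 0, 4) : '';

// Only a plain string can match; array input (number_captcha[]=...) counts as empty.
$number = (isset($_REQUEST['number_captcha']) && is_string($_REQUEST['number_captcha']))
	? trim($_REQUEST['number_captcha'])
	: '';
include('config.php');

// Plain-text status message for the template. It can contain submitted values,
// so it must be HTML-escaped at the point where it is echoed.
$notice = '';

// Strict string comparison: with a loose == two numeric-looking strings are
// compared as numbers ("0e12" == "0"), which would let a code pass that does
// not match the stored key character for character.
// NOTE(review): the key is not cleared after a successful check, so the same
// code stays valid until the session key is replaced — confirm the captcha
// script regenerates it on every render.
if ($number !== '' && $number === $key && isset($_POST['reg'])) {
	// Normalise every expected field to a string so missing or array-valued
	// parameters cannot reach the string functions below.
	$fields = array();
	foreach (array('username', 'password', 'repassword', 'email', 'cmnd') as $fieldName) {
		$fields[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
			? $_POST[$fieldName]
			: '';
	}

	$username = strtolower(CleanSQLInjection($fields['username']));
	$password = CleanSQLInjection($fields['password']);
	$repeat   = CleanSQLInjection($fields['repassword']);
	$mail     = $fields['email'];
	$cmnd     = $fields['cmnd'];

	$registerFailed = 'Đăng ký không thành công, vui lòng thử lại.';

	if ($password === $repeat && $password !== '' && $mail !== '') {
		// email and cmnd previously went into the queries exactly as submitted.
		// Escape them for use inside quoted SQL literals; the raw $mail is kept
		// for the notice text. Relies on the MySQL connection that config.php
		// presumably opens (not visible here).
		$mailSql = mysql_real_escape_string($mail);
		$cmndSql = mysql_real_escape_string($cmnd);

		$check = mysql_query("Select * from account where id = '$username'");
		if ($check === false) {
			// A failed lookup must not be read as "name is free".
			$notice = $registerFailed;
		} elseif (mysql_num_rows($check) >= 1) {
			$notice = "Tài khoản $username đã tồn tại";
		} else {
			$check2 = mysql_query("Select * from account where email = '$mailSql'");
			if ($check2 === false) {
				$notice = $registerFailed;
			} elseif (mysql_num_rows($check2) >= 1) {
				$notice = "Email $mail đã được sử dụng";
			} else {
				// NOTE(review): the password is stored as submitted (after
				// CleanSQLInjection), not hashed. Moving to password_hash()
				// needs the matching change in the login code, which is not
				// visible here.
				// NOTE(review): uniqueness is only checked by the two SELECTs
				// above; concurrent requests can both pass them unless the
				// table enforces it — confirm the schema.
				$sql = "INSERT INTO account (id,password,email, cmnd) VALUES ('$username','$password','$mailSql', '$cmndSql')";
				if (mysql_query($sql)) {
					header('Location: login.php?do=1');
					// Stop here so the form is not rendered after the redirect.
					exit;
				}
				// Do not report success when the INSERT itself failed.
				$notice = $registerFailed;
			}
		}
	} else {
		$notice = "Thông tin bạn nhập chưa chính xác, đầy đủ $username";
	}
}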
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Đao Kiếm Vô Tình Online</title>
<link href="css/styles.css" rel="stylesheet" type="text/css"/>
<script src="js/ga.js"></script>
</head>
<body>
<div id="container">
  <div class="close-beta"><img src="images/top_center.png" width="772" height="143" /></div>
  <div class="main-content">
    <div class="dangky"> <a href="login.php" target="">
      <div class="choi-ngay">&nbsp;</div>
      </a> <a href="regis.php" target="_blank">
      <div class="dang-ky">&nbsp;</div>
      </a> <a href="nap-the.php">
      <div class="nap-the">&nbsp;</div>
      </a> </div>
    <div class="regis">
      <h1><img src="images/title_reg.png" width="93" height="27" /></h1>
      <form action="regis.php" method="post" name="reg" onClick="return validate()">
        <!--<div style="text-align:center; color:#FFF;font-size:16px;font-weight:bold;padding-bottom:10px;">Thiên Mệnh</div>-->
        <label>Tên đăng ký</label>
        <input type="text" name="username" id="username" value="" helper="formText" placeholder="Tài Khoản" maxlength="24"/>
        <br/>
        <span class="org" id="username_err"></span>
        <div style="position: relative;">
          <div id="suggest_account" class="goiy">
            <div id="sub_suggest_account" align="left"></div>
          </div>
        </div>
        </td>
        <label>Mật khẩu</label>
        <input type="password" name="password" id="password" value="" helper="formPassword" placeholder="Mật Khẩu"/>
        <br/>
        <label>Xác nhận mật khẩu</label>
        <input type="password" name="repassword" id="repassword" value="" helper="formPassword" placeholder="Mật Khẩu"/>
        <br/>
        <label>Email</label>
        <input type="text" name="email" id="email" value="" helper="formText" placeholder="Email" maxlength="24"/>
        <br/>
        <label>CMND</label>
        <input type="text" name="cmnd" id="cmnd" value="" helper="formText" placeholder="CMND" maxlength="32"/>
        <br/>
        <?
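        	// Stores a fresh five-digit value under the 'captcha' session key each time the form is rendered.
        	// NOTE(review): the registration check in this file compares against $_SESSION['key'], not this
        	// value — confirm which script reads 'captcha'.
        	// random_int() (PHP 7+) draws from the OS CSPRNG; mt_rand() output is predictable and is kept
        	// only as the fallback for runtimes that lack random_int().
        	$_SESSION['captcha'] = function_exists('random_int') ? random_int(10000, 99999) : mt_rand(10000, 99999);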
        ?>
        <div style="display:inline-block; width:350px; float:left;margin-left:150px;"> <img src="lib/Captcha/PHP-CAPTCHA/php_captcha.php"></div>
        <label>Mã kiểm tra:</label>
        <input type="text" name="number_captcha" id="code" value="" onfocus="if(this.value=='Mã kiểm tra') this.value=''" onblur="if(this.value=='') this.value='Mã kiểm tra'" value="Mã kiểm tra"/>
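        <tr><?php
        	// $notice is built from submitted values (username, email), so it is escaped for the
        	// HTML context here; it is not set at all when no registration attempt was processed.
        	echo htmlspecialchars(isset($notice) ? (string) $notice : '', ENT_QUOTES, 'UTF-8');
        ?></tr>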
        
        <input value="&nbsp;" name=reg type="submit" class="reg_button" style="margin-left:145px;">
      </form>
    </div>
    <div class="forum-main"> <a href="/"><img src="images/logo.png" width="220" height="249" /></a> <a href="http://diendan.daokiemvotinh.com" target="_blank">
      <div class="diendan">&nbsp;</div>
      </a> <a href="http://www.facebook.com/pages/%C4%90ao-Ki%E1%BA%BFm-V%C3%B4-T%C3%ACnh-Online/316889155100550" target="_blank">
      <div class="fanpage">&nbsp;</div>
      </a> </div>
  </div>
  <div class="bottom-image">&nbsp;</div>
</div>
</body>
</html>
<?
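	/**
	 * Legacy input filter applied to request values before they are placed
	 * inside quoted SQL string literals.
	 *
	 * Steps, in order: strip HTML/PHP tags, undo magic-quotes slashes when that
	 * setting exists and is on, delete a fixed list of substrings, then escape
	 * the result with mysql_real_escape_string() unless it is numeric.
	 *
	 * Only the final escaping step protects a query, and only when the value is
	 * interpolated between quotes and a MySQL connection is open. The substring
	 * list is not a defence: it runs in a single pass, does not cover every SQL
	 * keyword, and silently alters legitimate input (a password containing
	 * "drop" is stored without it). It is left as is because this file stores
	 * usernames and passwords that have already passed through it.
	 *
	 * @param mixed $string Raw request value; non-scalar input (for example an
	 *                      array sent as field[]=x) is treated as empty.
	 * @return string Filtered value.
	 */
	function CleanSQLInjection($string)
	{
		// Arrays and null cannot be filtered as text; return '' instead of
		// passing them to the string functions below.
		if (!is_scalar($string)) {
			return '';
		}

		$string = strip_tags((string) $string);

		// get_magic_quotes_gpc() no longer exists on current PHP versions, so
		// only call it where it is defined. When it is on, the request data
		// was already slashed and would otherwise be escaped twice.
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$string = stripslashes($string);
		}

		// Case-insensitive, single-pass removal of a fixed substring list.
		$badWords = array("/delete/i", "/update/i", "/union/i", "/insert/i", "/drop/i", "/http/i", "/--/i");
		$string = preg_replace($badWords, "", $string);

		// Numeric strings contain no quote or backslash, so they are returned
		// without escaping.
		if (!is_numeric($string)) {
			$string = mysql_real_escape_string($string);
		}

		return $string;
	}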
?>